Impala Authentication

Authentication is the mechanism to ensure that only specified hosts and users can connect to Impala. It also
verifies that when clients connect to Impala, they are connected to a legitimate server. This feature
prevents spoofing such as impersonation (setting up a phony client system with the same account
and group names as a legitimate user) and man-in-the-middle attacks (intercepting application
requests before they reach Impala and eavesdropping on sensitive information in the requests or the results).

Impala supports authentication using either Kerberos or LDAP.

Note:
Regardless of the authentication mechanism used, Impala always creates HDFS directories and data files
owned by the same user (typically impala). To implement user-level access to different
databases, tables, columns, partitions, and so on, use the Sentry authorization feature, as explained in
Enabling Sentry Authorization for Impala.

Once you are finished setting up authentication, move on to authorization, which involves specifying what
databases, tables, HDFS directories, and so on can be accessed by particular users when they connect through
Impala. See Enabling Sentry Authorization for Impala for details.